In the light of Capco’s new series on the future of the Chief Data Office (CDO), Bertie Haskins, Head of Data in APAC, offers thoughts on how to build data leadership in the APAC region. His insights explore which global drivers of data leadership are most relevant in APAC and the challenges that data leaders must overcome. These include the uneven maturity of data practices in APAC, the need for data localization, and fast-emerging regulation including around AI. These forces are converging to make the compliant movement of trusted data and privacy-by-design central to APAC’s data leadership story.
The first part of Capco’s series on the future of the chief data office (CDO) – accessed through the link at the bottom of this page – will resonate with data leaders in the APAC region.1 The paper sets out the recent evolutionary trajectory of CDOs, an office that began emerging in large numbers over a decade ago as a way of articulating responses to a wave of data reporting and privacy regulation around the world.
It is no longer enough to manage data and its risks. More recently, CDOs have worked hard to become ‘data democratizers’ – meeting business needs for data access – and ‘value creators’ who deliver well-described data products and enable AI deployments. Modern data leaders must accelerate business outcomes, reduce friction, and turn intelligence into measurable business impact faster, cheaper and at scale.
Our global article explains that CDOs are now evolving into AI enablers with an intensifying focus on GenAI, Agentic AI and unstructured data management. They will eventually become the architects of intelligence ecosystems that bring together human experts, AI agents and the curation of machine-generated knowledge. More immediately, the new mandate for data leaders means developing capabilities such as:
To rise to the challenge, APAC’s data leaders must take account of three key regional characteristics as they build their strategy for success.
There is a marked diversity of data practices in APAC financial institutions. In some markets and sectors, APAC boasts world leaders in applying digitization, AI and data to improve customer experiences and speed up credit and insurance processes. This is evident, for example, in China’s super app ecosystems and the Chinese insurance sector, with some leading insurers now underwriting 9 in 10 life polices within seconds and settling claims in minutes.3 Across the region, a new generation of digital banks is accelerating onboarding and credit decisioning, often by leveraging new credit-relevant data from super apps or utilities.4
However, the heterogeneity of the region’s economies and the relatively slow evolution of data regulation in APAC – versus the EU, UK and US – means that data maturity remains uneven. Many APAC institutions are still working to establish master data management strategies to help clean, standardize and govern data across the enterprise. Data functions are often still establishing their role in relation to technology and business functions, and much work remains to be done in terms of developing robust data products, data marketplaces and AI frameworks.
This diversity of data practice means that data leaders need to understand where they are today before they can map out where they are going tomorrow. A good starting point is to assess data maturity relative to the future trajectory set out in our diagram and also against current regional and global benchmarks. For example, the EDM Association's DCAM-based global data management survey has substantial APAC participation, with the latest results becoming available in December and January.5
Any approach to protecting and leveraging data needs to take account of three key pillars:
The key here is to ensure privacy, protection and governance strategies are aligned with – and enable – business objectives, as well as providing a comprehensive view of data throughout its lifecycle.
An assessment and mapping process can reveal significant opportunities. Given the accelerating pace of change in data practices and data technologies, APAC institutions that are presently behind the curve have a chance to ‘leapfrog’ competitors and move along the evolutionary trajectory much faster than would have been possible five years ago. Regulatory harmonization – such as the ASEAN framework on Digital Data Governance (DDG) and APEC’s Cross-Border Privacy Rules system – is lowering the barriers to that acceleration.
To offer a specific example of the potential for rapid advance, Thailand’s new virtual banks, set to go operational during 2026, have an opportunity to build greenfield platforms offering 360-degree views of the customer across product lines.6 This will allow them to sidestep the legacy system issues and product data silos that hold back more established competitors.
However, the opportunity to ‘leapfrog’ also applies to market incumbents, who can now leverage new technologies and practices such as data by design and efficient Agentic AI data management.
A second key issue is that of fast-evolving data privacy rules. Here again, the diversity and evolving nature of data regulation in many different jurisdictions – e.g. China, Singapore, India, Thailand, Malaysia – distinguishes APAC from the more mature and unified data landscape in the EU and the US.
The pace of regulatory change is now quickening in key areas such as data privacy and responsible AI deployment. In particular, data localization rules are still developing and being clarified. For example, last Spring the Chinese authorities set out a Q&A clarifying China’s data export rules,7 and Malaysia outlined cross-border personal data transfer guidelines.8
Data localization means that certain kinds of data generated by the business must be kept within the borders of the country or exported only under stringent conditions. The result is that large banks and insurers operating across multiple different markets in the APAC region face numerous challenges when trying to optimize or commercialize their use of data.
APAC’s financial institutions are increasingly obliged to ask themselves basic questions, such as ‘Can we share this data or move it across a border?’ Getting the answer right means tracking the evolving regional rules. It also means redesigning internal data processes, controls and infrastructure to enable positive, confident answers. For example, consent-aware master data management or tokenization gateways can enable compliant cross-border analytics.
The good news is that although local rules vary, many practices that data leaders need to adopt to remain compliant are universal in nature. APAC firms can therefore apply many global lessons on what works and what does not – for example regarding master data management strategies, metadata tagging, anonymizing data, privacy rules, access control and building effective data marketplaces.
These universal lessons and controls not only ensure compliance but also enable the reuse of trusted data to create enterprise value. Localization should not therefore be approached as a constraint, but as a design principle that embeds privacy and residency controls into the data fabric itself.
Around the world, banks and insurers are using AI to improve their operations and decision making in areas such as customer analytics, regulatory gap analysis, and internal operational improvements, e.g. through strengthening AML processes, payments fraud detection or document verification.
Surveys suggest that over two thirds of financial institutions in some APAC markets have implemented at least one AI application.9 However, most evidence suggests that many financial institutions are finding it hard to deploy and scale large numbers of use cases. So far, most applications augment or speed up human work rather than replacing it.
Industry research is revealing the barriers that slow down AI adoption. This Spring, a survey published by the Hong Kong Institute for Monetary and Financial Research identified the top three risk considerations of financial institutions as: 10
The environment for scaling AI is, however, becoming clearer in terms of emerging regulatory guidelines and frameworks. These include cross-sector guidelines such as those published in Hong Kong earlier this year,11 the Monetary Authority of Singapore’s good practices for AI model risk management,12 Bank Negara Malaysia’s discussion paper on responsible AI adoption,13 and Thailand’s guidelines for risk managing AI systems.14 There are also initiatives such as Singapore’s AI Verify to offer tools to test for the responsible use of AI. 15 Meanwhile, industry conversations, including thought leadership offered by Capco, are helping to define the necessary frameworks and priorities when deploying responsible AI.16
For data leaders in APAC, this rapidly evolving landscape is an opportunity as well as a challenge. Data is the most fundamental variable in AI deployment strategies, and the variable that is most under the control of each financial institution – given that many institutions license their LLMs, albeit with institution-specific tuning and guardrails.
Data leaders need to show the way here, both in terms of using AI themselves to make data processes faster and better, and through providing the robust data frameworks and infrastructure that businesses need to implement AI use cases. For example, embedding lineage controls alongside robust approaches to explainability will allow institutions to deploy AI faster while retaining the confidence of regulators. Likewise, data leaders need to roll out frameworks for managing unstructured data.
There are many opportunities in APAC to deploy AI in ways that help financial institutions compete and differentiate themselves. For example, combining compliant data management and best-practice AI tools can allow banks to better understand credit profiles when offering credit products to the region’s underserved customer segments. However, deploying AI responsibly will depend on data leaders making trusted, easily discoverable and well-localized data available to their business functions and business lines.
Data leaders in Asia, like those around the world, are at a critical juncture. They must change how they are perceived from ‘cost center’ to ‘driver of growth and innovation’.
As we explain further in our global article, this will mean developing a series of new capabilities including building a clearer line of sight from data and AI spend to business impact, creating new data-driven revenue streams, and making AI scalable, safe and explainable.
Data leaders in APAC should set out clear goals and roadmaps that take account of the APAC landscape. Their aim should be secure a role as enterprise strategists who – in addition to mitigating data risks – also deliver rapid actionable intelligence offering measurable value.
1 https://www.capco.com/intelligence/capco-intelligence/the-chief-data-office-reimagined
2 https://www.mas.gov.sg/publications/monographs-or-information-paper/2024/artificial-intelligence-model-risk-management
3 https://group.pingan.com/media/news/2024/pingan-co-hosts-fintech-forum.html
4 https://www.fico.com/en/newsroom/gxs-bank-achieves-remarkable-onboarding-efficiency; https://www.capco.com/thailands-virtual-banks-banking-for-everyone
5 https://edmcouncil.org/announcement/the-edm-association-global-data-management-benchmark-2025-survey-is-live/
6 https://www.capco.com/intelligence/capco-intelligence/thailands-virtual-banks-banking-for-everyone
7 https://www.cac.gov.cn/2025-04/09/c_1745906286623776.htm
8 https://www.pdp.gov.my/ppdpv1/en/buku-garis-panduan-pemindahan-data-peribadi-rentas-sempadan-cbpdt-2/
9 https://www.bnm.gov.my/documents/20124/938039/DP_Artificial_Intelligence_in_the_Financial_Sector.pdf
10 https://www.hkma.gov.hk/eng/news-and-media/press-releases/2025/04/20250409-3/
11 https://www.digitalpolicy.gov.hk/en/our_work/data_governance/HK_Generative_AI_Technical_and_Application_Guideline_en.pdf
12 https://www.mas.gov.sg/publications/monographs-or-information-paper/2024/artificial-intelligence-model-risk-management
13 https://www.bnm.gov.my/-/dp-aifs25
14 https://www.bot.or.th/th/laws-and-rules/public-hearing/public-hearing-20250612.html
15 https://www.imda.gov.sg/resources/press-releases-factsheets-and-speeches/press-releases/2023/singapore-launches-ai-verify-foundation
16 https://www.capco.com/how-to-safely-embed-a-generative-ai-powered-solution; https://www.capco.com/five-foundational-elements-for-genai-governance-in-financial-services
